<?php

require('config.php');

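/**
 * Open a MySQL connection and select the working database.
 *
 * On failure the script still terminates with an <Error> element, but the
 * driver's error text now goes to the server log instead of the response:
 * mysql_error() output can name the database account and host, which a
 * remote client has no need to see.
 *
 * @param string $user     MySQL account name.
 * @param string $pass     MySQL account password.
 * @param string $mysqladd Server address handed to mysql_connect().
 * @param string $dbname   Database selected on the new link.
 * @return resource Link identifier returned by mysql_connect().
 */
function getConnection($user, $pass, $mysqladd, $dbname) {
    $link = mysql_connect($mysqladd, $user, $pass);
    if (!$link) {
        error_log('getConnection: mysql_connect failed: ' . mysql_error());
        die('<Error>Database Error</Error>');
    }

    if (!mysql_select_db($dbname, $link)) {
        error_log('getConnection: mysql_select_db failed: ' . mysql_error($link));
        die('<Error>Could not connect to DB</Error>');
    }

    return $link;
}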

//Add new user
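/**
 * Create a row in `user` unless the username is already present.
 *
 * The three arguments are request parameters, so each one is escaped with
 * mysql_real_escape_string() before it is placed inside a quoted SQL literal.
 * That function needs an open connection, which the dispatcher at the bottom
 * of this file creates before calling in.
 *
 * NOTE(review): the password is stored exactly as received. Hashing it here
 * would also require changing whatever code verifies logins, which is not in
 * this file -- confirm and plan that change separately.
 * NOTE(review): the existence check and the INSERT are two statements, so two
 * concurrent requests can both pass the check; presumably a UNIQUE index on
 * username is what really prevents duplicates -- verify against the schema.
 *
 * @param string $username   Login name to create.
 * @param string $password   Password value to store.
 * @param string $permission Permission value to store.
 * @return int|string 2 when the username already exists, "1" when the row was
 *                    inserted, "0" when either query failed.
 */
function addUser($username, $password, $permission) {
    $safeUser       = mysql_real_escape_string($username);
    $safePassword   = mysql_real_escape_string($password);
    $safePermission = mysql_real_escape_string($permission);

    $existing = mysql_query("SELECT * FROM `user` WHERE username = '$safeUser'");
    if (!$existing) {
        return '0';
    }

    if (mysql_num_rows($existing)) {
        return 2;
    }

    $inserted = mysql_query("INSERT INTO `user` (username, password, permission, joining) VALUES('$safeUser', '$safePassword', '$safePermission', '0')");
    if (!$inserted) {
        // Previously this path called die(mysql_error()), which sent the raw
        // driver message to the client and made the "0" result unreachable.
        error_log('addUser: INSERT failed: ' . mysql_error());
        return "0";
    }

    return "1";
}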

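/**
 * Overwrite the password and permission of the row matching a username.
 *
 * All three arguments are request parameters, so each is escaped with
 * mysql_real_escape_string() before being placed inside a quoted SQL literal;
 * this relies on the connection already being open.
 *
 * mysql_query() reports success for an UPDATE that matches no row, so '1'
 * means "the statement ran", not "a user was changed".
 *
 * NOTE(review): the password is written exactly as received (no hashing);
 * changing that needs a matching change wherever logins are verified.
 *
 * @param string $username   Login name selecting the row.
 * @param string $password   New password value.
 * @param string $permission New permission value.
 * @return string '1' when the statement executed, '0' when it failed.
 */
function updateUser($username, $password, $permission) {
    $safeUser       = mysql_real_escape_string($username);
    $safePassword   = mysql_real_escape_string($password);
    $safePermission = mysql_real_escape_string($permission);

    $query = "UPDATE `user` SET password='$safePassword', permission='$safePermission' WHERE username='$safeUser' ";

    return mysql_query($query) ? '1' : '0';
}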

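/**
 * Delete the row in `user` matching a username.
 *
 * The username is a request parameter, so it is escaped with
 * mysql_real_escape_string() before being placed inside the quoted SQL
 * literal; this relies on the connection already being open.
 *
 * mysql_query() reports success for a DELETE that matches no row, so '1'
 * means "the statement ran", not "a user was removed".
 *
 * @param string $username   Login name selecting the row.
 * @param string $password   Unused; kept so existing call sites keep working.
 * @param string $permission Unused; kept so existing call sites keep working.
 * @return string '1' when the statement executed, '0' when it failed.
 */
function deleteUser($username, $password, $permission) {
    $safeUser = mysql_real_escape_string($username);

    $query = "DELETE FROM `user` WHERE username='$safeUser'";

    return mysql_query($query) ? '1' : '0';
}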

/**
 * Print every row of the `user` table as a <Users> XML document.
 *
 * The two outcomes use different channels: on success the XML is echoed here
 * and nothing is returned; when the query fails nothing is echoed and the
 * string "<result>0</result>" is returned for the caller to print.
 *
 * NOTE(review): SELECT * sends every column to the client, including the
 * password column that addUser() writes. Confirm the client really needs it;
 * if not, list the required columns explicitly.
 *
 * @return string|null "<result>0</result>" on query failure, otherwise null.
 */
function getRegisteredUser() {
    $rows = mysql_query("SELECT * FROM `user`");

    if (!$rows) {
        return "<result>0</result>";
    }

    echo sqlToXmlByAttr($rows, "Users", "user");
}


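/**
 * Serialise a mysql_query() result as XML, one self-closing child element per
 * row with each column written as a single-quoted attribute.
 *
 * Column values are stored data that originated from request parameters, so
 * the XML metacharacters in them are replaced with entities before they are
 * written. Without that, a value containing ', < or & would end the attribute
 * early or make the document unparseable.
 *
 * Values for which empty() is true (NULL, '', '0', 0) are written as the
 * literal text "null", as before.
 * NOTE(review): that makes a stored '0' indistinguishable from NULL in the
 * output -- confirm the client expects this before changing it.
 *
 * @param resource $queryResult      Result resource from mysql_query().
 * @param string   $rootElementName  Name of the wrapping element.
 * @param string   $childElementName Name of the per-row element.
 * @return string The XML text.
 */
function sqlToXmlByAttr($queryResult, $rootElementName, $childElementName){
    // Byte-wise replacement, so it does not depend on the connection's
    // character set. strtr() with an array makes a single pass, so the '&'
    // introduced by one entity is never escaped a second time.
    $xmlEntities = array(
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        "'" => '&apos;',
        '"' => '&quot;',
    );

    // The column list is the same for every row; resolve it once.
    $fieldCount = mysql_num_fields($queryResult);
    $fieldNames = array();
    for ($i = 0; $i < $fieldCount; $i++) {
        $fieldNames[] = mysql_field_name($queryResult, $i);
    }

    $xmlData = "<" . $rootElementName . ">";

    while ($record = mysql_fetch_object($queryResult)) {
        $xmlData .= "<" . $childElementName;

        foreach ($fieldNames as $fieldName) {
            if (!empty($record->$fieldName)) {
                $value = strtr((string) $record->$fieldName, $xmlEntities);
            } else {
                $value = "null";
            }

            $xmlData .= " " . $fieldName . "='" . $value . "'";
        }

        $xmlData .= "/>";
    }

    $xmlData .= "</" . $rootElementName . ">";

    return $xmlData;
}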

// A request without a command cannot be dispatched; report and stop.
if (!isset($_POST['command'])) {
    echo "<Error>Command request</Error>";
    exit(-1);
}

// NOTE(review): nothing in this file checks who is calling before a command
// is dispatched, so any client able to POST here can add, change, delete or
// list users. Confirm that config.php or the web server restricts access;
// if not, an authentication and authorisation check belongs right here.
$command = $_POST['command'];

// Optional parameters default to the empty string when absent.
$username   = isset($_POST['username'])   ? $_POST['username']   : "";
$password   = isset($_POST['password'])   ? $_POST['password']   : "";
$permission = isset($_POST['permission']) ? $_POST['permission'] : "";

// The connection settings are not defined in this file; presumably they come
// from config.php.
$conn = getConnection($mysqluser, $mysqlpass, $mysqladd, $databasename);

// Dispatch on the command name. An unrecognised command produces no output.
switch ($command) {
    case "addUser":
        echo "<result>" . addUser($username, $password, $permission) . "</result>";
        break;

    case "deleteUser":
        echo "<result>" . deleteUser($username, $password, $permission) . "</result>";
        break;

    case "updateUser":
        echo "<result>" . updateUser($username, $password, $permission) . "</result>";
        break;

    case "getRegisteredUser":
        // Prints its own XML on success; the echo only matters for the
        // failure string it returns.
        echo getRegisteredUser();
        break;
}

mysql_close($conn);
?>
